Draft: Let's Encrypt Picks Merkle Tree Certificates for Post-Quantum TLS#35
Draft
krakenhavoc wants to merge 1 commit into
Draft
Draft: Let's Encrypt Picks Merkle Tree Certificates for Post-Quantum TLS#35krakenhavoc wants to merge 1 commit into
krakenhavoc wants to merge 1 commit into
Conversation
krakenhavoc
added a commit
that referenced
this pull request
Jun 30, 2026
- Add public-ca-eku-separation-june-2026.md to src/posts/ tree - Note upcoming lets-encrypt-merkle-tree-certificates.md (web PR #35, opened 2026-06-24)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sources
Uniqueness check
Three most recent posts reviewed:
public-ca-eku-separation-june-2026.md(2026-05-27) -- clientAuth EKU removal from public TLS intermediates. No overlap.sc098v2-caa-rfc8657-mandatory.md(2026-05-20) -- CAA RFC 8657 parameter enforcement. No overlap.post-quantum-tls-certificate-readiness.md(2026-04-19) -- General PQC migration overview covering ML-DSA algorithm sizes and hybrid certificate strategy. The April post addresses the problem space; this post covers the specific architectural solution (MTC) that Let's Encrypt committed to on June 3. No substantial overlap.Why this topic this week
Let's Encrypt's June 3 announcement is the first public commitment from a major CA to the MTC architecture. Because Let's Encrypt issues 54% of public TLS certificates, this decision effectively determines whether MTCs become viable across the majority of the encrypted web. The IETF PLANTS draft-04 was revised nine days before the announcement, making this the right moment to document both the protocol mechanics and what ACME operators need to track.